OK, someone at Microsoft really dropped the ball with this one. HTTP to HTTPS redirection is one of those things that everyone needs to do, and in fact everyone should do (seriously, there is no excuse for unencrypted HTTP now, stop it).

This is even stranger when you consider the fact that all the Application Gateway actually consists of is a specially configured IIS VM set, and doing this natively in IIS is really quite easy. Until Microsoft fixes this little faux pas, however, there is a simple workaround using a small Ubuntu VM and a little reconfiguration of our Application Gateway.

Concept

What we are trying to achieve is summarized in this diagram.

We will be setting up two ports on our Application Gateway, one for plain HTTP traffic (port 80) and one for HTTPS traffic (port 443). When the gateway receives HTTP traffic, it will forward it to an Ubuntu server running nginx, where the request will be redirected to HTTPS. HTTPS traffic will be decrypted at the gateway and passed to our IIS box as normal.
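Once the setup is in place, it is worth checking that port 80 really answers with a redirect to HTTPS on the same host and keeps the requested path. The check below is an added example, not part of the original post: the function name, return codes and sample responses (using the placeholder host www.example.com) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Reads raw HTTP response headers
# on stdin and checks that they describe a redirect to HTTPS on the same site.
# Return codes: 0 ok, 1 not a redirect, 2 target is not https,
#               3 redirected to a different host, 4 path/query not preserved.
CR="$(printf '\r')"

check_https_redirect() {
    local want_host="$1" want_path="$2"
    local status="" location="" line name value rest host path

    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%"$CR"}"                      # header lines end in CRLF
        case "$line" in
            HTTP/*)
                if [ -z "$status" ]; then          # keep the first status line
                    status="${line#* }"; status="${status%% *}"
                fi ;;
            *:*)
                name="$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')"
                value="${line#*:}"
                value="${value#"${value%%[![:space:]]*}"}"   # trim leading blanks
                if [ "$name" = "location" ]; then location="$value"; fi ;;
        esac
    done

    case "$status" in 301|302|307|308) ;; *) return 1 ;; esac
    case "$location" in https://*) ;; *) return 2 ;; esac

    rest="${location#https://}"
    host="${rest%%/*}"; host="${host%:443}"        # explicit default port is fine
    case "$rest" in */*) path="/${rest#*/}" ;; *) path="/" ;; esac

    [ "$host" = "$want_host" ] || return 3
    [ "$path" = "$want_path" ] || return 4
    return 0
}

# Constructed sample responses (not captured from a real gateway).
sample_good()      { printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://www.example.com/login?next=%%2Fhome\r\n\r\n'; }
sample_plain()     { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n'; }
sample_downgrade() { printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: http://www.example.com/login\r\n\r\n'; }
sample_offsite()   { printf 'HTTP/1.1 302 Found\r\nLocation: https://other.example.net/login\r\n\r\n'; }
sample_nopath()    { printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/\r\n\r\n'; }

# Against a live deployment (host and path are yours to fill in):
#   curl -sI http://<gateway-host>/some/path | check_https_redirect <gateway-host> /some/path
```

A return code of 4 is the one to watch for with redirect-only servers: it means deep links are being sent to the site root instead of their HTTPS equivalent.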

How To

For the purposes of this guide I will assume you have already configured an Application Gateway with SSL offload and the backend IIS (or other web server) to match. I will focus on building the Ubuntu 16.04 VM and configuring nginx, as well as modifying the Application Gateway configuration.

Building the redirect server

Provision a new Ubuntu VM from the Azure Portal. It does not have to be particularly large; remember, it will exist solely to redirect traffic.

Once the machine is provisioned and you have logged in, let's get everything up to date.

sudo apt-get update && sudo apt-get upgrade

Next we install nginx.

sudo apt-get install nginx

With nginx installed, we can now start getting it configured. As we will be using this box for redirects only, we can simply modify the default configuration.